Cartographer Web Challenge — HackTheBox

Kamran Saifullah
2 min read · Nov 2, 2018


After successfully completing 2 web challenges, it’s time to move on to Cartographer.

This challenge is all about hacking into a C&C server.

On opening IP/DOMAIN:PORT we get the login panel for the portal. No common username and password combinations work here; I tried admin:admin and a few other combinations without brute-forcing the panel.

I always try to bypass login panels using SQL injection queries, and it worked fine here. I was logged into the panel.
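The kind of login check that a SQL injection bypass defeats, placed next to its parameterised fix, as an added example that is not code from the original post or from the challenge (the challenge's real back end is never shown; the in-memory SQLite table and the `admin` row are constructed here):

```python
import sqlite3


def make_db():
    """Constructed toy user table. Real systems store password hashes,
    not plaintext; that detail is irrelevant to the injection itself."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    return conn


def login_vulnerable(conn, username, password):
    """Login check built by string formatting: the submitted text is
    spliced into the SQL grammar, so quotes and OR/comment tokens in the
    input change the meaning of the WHERE clause."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_hardened(conn, username, password):
    """Same check with bound parameters: the driver passes the values as
    data, so they can never be parsed as SQL, whatever they contain."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # classic bypass text, as in the writeup
    print("vulnerable:", login_vulnerable(db, tautology, tautology))  # True
    print("hardened:  ", login_hardened(db, tautology, tautology))    # False
```

The vulnerable version returns a row count for a WHERE clause that is always true; the hardened one looks for a user literally named `' OR '1'='1` and finds none.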

Notice the URL and the “info=” parameter. What are we looking for? The flag? Right! That’s all.

This challenge was much easier. The issue that arises here is that pentesters/hackers think too far outside the box and keep trying combinations like “home, author, admin, blog, contact” and so on, which wastes a lot of time. This challenge was pretty simple, as you don’t have to think outside the box.

Thank you for reading!
